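def main():
    """Regenerate nsswitch.conf for the directory services currently enabled.

    Every database starts with the local ``files`` source, so local entries
    are listed ahead of any directory source appended below.  The verb is
    taken from ``sys.argv[1]`` (default ``start``); directory sources are
    only added for ``start``.

    Exits with status 1 if the file cannot be written.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing;
    # confirm that all directory-service checks sit under ``verb == 'start'``
    # and that the sudoers check belongs to the non-anonymous LDAP branch.
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'mdns', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = sys.argv[1].lower() if len(sys.argv) > 1 else "start"

    if verb == 'start':
        # AD with Unix extensions and a keytab is resolved through sssd;
        # any other AD / domain controller / NT4 setup goes through winbind.
        if activedirectory_enabled() and \
                activedirectory_has_unix_extensions() and \
                activedirectory_has_keytab():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
                domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        # Left disabled, as in the original:
        # if nt4_enabled():
        #     nsswitch_conf['hosts'].append('wins')

        # Anonymous-bind LDAP uses the ldap source; otherwise sssd.
        if ldap_enabled() and ldap_anonymous_bind():
            nsswitch_conf['passwd'].append('ldap')
            nsswitch_conf['group'].append('ldap')
        elif ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            nsswitch_conf['passwd'].append('nis')
            nsswitch_conf['group'].append('nis')
            nsswitch_conf['hosts'].append('nis')

    try:
        # 0644: the mode only applies when the file is created.
        # NOTE(review): the file is truncated in place, so a lookup that
        # reads it mid-rewrite can see a partial file; writing a temporary
        # file and renaming it would close that window.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        # fdopen() takes ownership of the descriptor, so it is closed even
        # when a write fails part-way (the original leaked it on error).
        with os.fdopen(fd, "w") as conf:
            for database in nsswitch_conf:
                sources = ' '.join(s.strip() for s in nsswitch_conf[database])
                conf.write("%s: %s\n" % (database.strip(), sources))

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)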
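def main():
    """Regenerate nsswitch.conf for the directory services currently enabled.

    Each database begins with the local ``files`` source; directory sources
    are appended after it, and only when the verb from ``sys.argv[1]``
    (default ``start``) is ``start``.

    Exits with status 1 if the file cannot be written.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing;
    # confirm that all directory-service checks sit under ``verb == 'start'``
    # and that the sudoers check belongs to the non-anonymous LDAP branch.
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'mdns', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files'],
        'sudoers': ['files']
    }

    verb = "start"
    if len(sys.argv) > 1:
        verb = sys.argv[1].lower()

    if verb == 'start':
        # AD with Unix extensions and a principal is resolved through sssd;
        # any other AD / domain controller / NT4 setup goes through winbind.
        use_sssd_for_ad = (
            activedirectory_enabled() and
            activedirectory_has_unix_extensions() and
            activedirectory_has_principal()
        )
        if use_sssd_for_ad:
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
        elif activedirectory_enabled() or \
                domaincontroller_enabled() or nt4_enabled():
            nsswitch_conf['passwd'].append('winbind')
            nsswitch_conf['group'].append('winbind')

        # Left disabled, as in the original:
        # if nt4_enabled():
        #     nsswitch_conf['hosts'].append('wins')

        if ldap_enabled() and ldap_anonymous_bind():
            nsswitch_conf['passwd'].append('ldap')
            nsswitch_conf['group'].append('ldap')
        elif ldap_enabled():
            nsswitch_conf['passwd'].append('sss')
            nsswitch_conf['group'].append('sss')
            if ldap_sudo_configured():
                nsswitch_conf['sudoers'].append('sss')

        if nis_enabled():
            for database in ('passwd', 'group', 'hosts'):
                nsswitch_conf[database].append('nis')

    try:
        # 0644: the mode only applies when the file is created.
        # NOTE(review): truncating in place lets a concurrent lookup read a
        # partial file; a write-then-rename would avoid that.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        # The file object owns the descriptor and closes it on every path;
        # the original leaked it when a write raised.
        with os.fdopen(fd, "w") as conf:
            for key in nsswitch_conf:
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                conf.write("%s: %s\n" % (key.strip(), sources))

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)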
def main():
    """Generate sssd.conf for the enabled directory services.

    Exits with status 1 when LDAP is enabled with anonymous bind, or when
    no directory-service cookie is available.
    """
    if ldap_enabled() and ldap_anonymous_bind():
        sys.exit(1)

    sssd_setup()
    # Only pass a path to SSSDConf when the file exists after setup.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def skip_parse():
        """No-op handed to SSSDConf as its parse callback."""

    conf = SSSDConf(path=existing_conf, parse=skip_parse, cookie=cookie)
    conf.add_sssd_section()
    conf.add_nss_section()
    conf.add_pam_section()

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory_section(conf)
    if ldap_enabled():
        add_ldap_section(conf)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    conf.save(SSSD_CONFIGFILE)
def main():
    """Generate sssd.conf, creating the [sssd], [nss] and [pam] sections when missing."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that the attribute assignments and add_service() calls only run when
    # the corresponding section had to be created.
    sssd_conf = None

    sssd_setup()
    # Only pass a path to SSSDConf when the file already exists.
    if os.path.exists(SSSD_CONFIGFILE):
        sssd_conf = SSSD_CONFIGFILE

    # No-op passed to SSSDConf as its parse callback.
    def nullfunc():
        pass
    sc = SSSDConf(path=sssd_conf, parse=nullfunc)

    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2
        # Names are rendered as DOMAIN\name.
        sc['sssd'].full_name_format = r"%2$s\%1$s"
        # Accepts DOMAIN\name, name@domain, or a bare name.
        sc['sssd'].re_expression = r"(((?P<domain>[^\\]+)\\(?P<name>.+$))" \
            r"|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))"

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
        sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
        sc['sssd'].add_service('pam')

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)

    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    sc.save(SSSD_CONFIGFILE)
def main():
    """Generate sssd.conf for the enabled directory services.

    Exits with status 1 when anonymous LDAP bind is configured, or when no
    directory-service cookie is available.
    """
    if ldap_anonymous_bind():
        sys.exit(1)

    sssd_setup()
    # Only pass a path to SSSDConf when the file exists after setup.
    existing_conf = SSSD_CONFIGFILE if os.path.exists(SSSD_CONFIGFILE) else None

    cookie = get_directoryservice_cookie()
    if not cookie:
        sys.exit(1)

    def skip_parse():
        """No-op handed to SSSDConf as its parse callback."""

    conf = SSSDConf(path=existing_conf, parse=skip_parse, cookie=cookie)
    for add_section in (conf.add_sssd_section,
                        conf.add_nss_section,
                        conf.add_pam_section):
        add_section()

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory_section(conf)
    if ldap_enabled():
        add_ldap_section(conf)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    conf.save(SSSD_CONFIGFILE)
def main():
    """Generate sssd.conf, creating the [sssd], [nss] and [pam] sections when missing."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that config_file_version and the add_service() calls only run when the
    # corresponding section had to be created.
    sssd_conf = None

    sssd_setup()
    # Only pass a path to SSSDConf when the file already exists.
    if os.path.exists(SSSD_CONFIGFILE):
        sssd_conf = SSSD_CONFIGFILE

    # No-op passed to SSSDConf as its parse callback.
    def nullfunc():
        pass
    sc = SSSDConf(path=sssd_conf, parse=nullfunc)

    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
        sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
        sc['sssd'].add_service('pam')

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)

    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    sc.save(SSSD_CONFIGFILE)
def get_directoryservice_cookie():
    """Return the cookie of the enabled directory service, or None.

    Active Directory is checked before LDAP.
    """
    if activedirectory_enabled():
        cookie = get_activedirectory_cookie()
    elif ldap_enabled():
        cookie = get_ldap_cookie()
    else:
        cookie = None
    return cookie
def main():
    """Write the OpenLDAP client ldap.conf for LDAP or, failing that, Active Directory.

    Does nothing when neither service is enabled.
    """
    target = "/usr/local/etc/openldap/ldap.conf"

    if ldap_enabled():
        writer = ldap_conf_ldap
    elif activedirectory_enabled():
        writer = ldap_conf_activedirectory
    else:
        return

    writer(target)
def main():
    """Write the OpenLDAP client ldap.conf; LDAP takes precedence over Active Directory.

    Does nothing when neither service is enabled.
    """
    conf_path = "/usr/local/etc/openldap/ldap.conf"

    if ldap_enabled():
        ldap_conf_ldap(conf_path)
        return

    if activedirectory_enabled():
        ldap_conf_activedirectory(conf_path)
def main():
    """Generate sssd.conf, creating the [sssd], [nss] and [pam] sections when missing."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that the attribute assignments and add_service() calls only run when
    # the corresponding section had to be created.
    sssd_conf = None

    sssd_setup()
    # Only pass a path to SSSDConf when the file already exists.
    if os.path.exists(SSSD_CONFIGFILE):
        sssd_conf = SSSD_CONFIGFILE

    # No-op passed to SSSDConf as its parse callback.
    def nullfunc():
        pass
    sc = SSSDConf(path=sssd_conf, parse=nullfunc)

    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()
        sc['sssd'].config_file_version = 2
        # Names are rendered as DOMAIN\name.
        sc['sssd'].full_name_format = r"%2$s\%1$s"
        # Accepts DOMAIN\name, name@domain, or a bare name.
        sc['sssd'].re_expression = r"(((?P<domain>[^\\]+)\\(?P<name>.+$))" \
            r"|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?P<name>[^@\\]+)$))"

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
        sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
        sc['sssd'].add_service('pam')

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)

    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    sc.save(SSSD_CONFIGFILE)
def get_directoryservice_cookie():
    """Return the Active Directory cookie, else the LDAP cookie, else None."""
    cookie = None
    if activedirectory_enabled():
        cookie = get_activedirectory_cookie()
    elif ldap_enabled():
        cookie = get_ldap_cookie()
    return cookie
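def main():
    """Regenerate nsswitch.conf for the directory services currently enabled.

    Each database begins with the local ``files`` source; directory sources
    are appended after it.  Exits with status 1 if the file cannot be
    written.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing;
    # confirm that the NT4 ``wins`` check is independent of the AD branches.
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD with Unix extensions is resolved through sssd; any other
    # AD / domain controller / NT4 setup goes through winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    if nt4_enabled():
        nsswitch_conf['hosts'].append('wins')

    # 'sss' can be appended a second time here when both AD (with Unix
    # extensions) and LDAP are enabled; kept as in the original.
    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        nsswitch_conf['passwd'].append('nis')
        nsswitch_conf['group'].append('nis')
        nsswitch_conf['hosts'].append('nis')

    try:
        # 0644: the mode only applies when the file is created.
        # NOTE(review): truncating in place lets a concurrent lookup read a
        # partial file; a write-then-rename would avoid that.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        # The file object owns the descriptor and closes it on every path;
        # the original leaked it when a write raised.
        with os.fdopen(fd, "w") as conf:
            for database in nsswitch_conf:
                sources = ' '.join(s.strip() for s in nsswitch_conf[database])
                conf.write("%s: %s\n" % (database.strip(), sources))

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)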
def get_activedirectory_cookie():
    """Return the upper-cased NetBIOS name up to its first '.', or '' when AD is disabled.

    The name is read from the latest CIFS record.
    """
    if not activedirectory_enabled():
        return ''

    netbios_name = CIFS.objects.latest('id').get_netbiosname().upper()
    return netbios_name.split('.')[0]
def get_activedirectory_cookie():
    """Return the upper-cased AD NetBIOS name up to its first '.', or '' when AD is disabled.

    The name is read from the first ActiveDirectory record.
    """
    if not activedirectory_enabled():
        return ''

    ad_record = ActiveDirectory.objects.all()[0]
    netbios_name = ad_record.ad_netbiosname.upper()
    return netbios_name.split('.')[0]
def get_activedirectory_cookie():
    """Return the first dot-separated label of the upper-cased AD NetBIOS name.

    Returns '' when Active Directory is disabled.
    """
    if not activedirectory_enabled():
        return ''

    upper_name = ActiveDirectory.objects.all()[0].ad_netbiosname.upper()
    first_label = upper_name.split('.')[0]
    return first_label
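def main():
    """Regenerate nsswitch.conf for the directory services currently enabled.

    Each database begins with the local ``files`` source; directory sources
    are appended after it.  Exits with status 1 if the file cannot be
    written.
    """
    nsswitch_conf = {
        'group': ['files'],
        'hosts': ['files', 'dns'],
        'networks': ['files'],
        'passwd': ['files'],
        'shells': ['files'],
        'services': ['files'],
        'protocols': ['files'],
        'rpc': ['files']
    }

    # AD with Unix extensions is resolved through sssd; any other
    # AD / domain controller / NT4 setup goes through winbind.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')
    elif activedirectory_enabled() or \
            domaincontroller_enabled() or nt4_enabled():
        nsswitch_conf['passwd'].append('winbind')
        nsswitch_conf['group'].append('winbind')

    # 'sss' can be appended a second time here when both AD (with Unix
    # extensions) and LDAP are enabled; kept as in the original.
    if ldap_enabled():
        nsswitch_conf['passwd'].append('sss')
        nsswitch_conf['group'].append('sss')

    if nis_enabled():
        for database in ('passwd', 'group', 'hosts'):
            nsswitch_conf[database].append('nis')

    try:
        # 0644: the mode only applies when the file is created.
        # NOTE(review): truncating in place lets a concurrent lookup read a
        # partial file; a write-then-rename would avoid that.
        fd = os.open(NSSWITCH_CONF_PATH,
                     os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
        # The file object owns the descriptor and closes it on every path;
        # the original leaked it when a write raised.
        with os.fdopen(fd, "w") as conf:
            for key in nsswitch_conf:
                sources = ' '.join(s.strip() for s in nsswitch_conf[key])
                conf.write("%s: %s\n" % (key.strip(), sources))

    except Exception as e:
        sys.stderr.write("can't create %s: %s\n" % (NSSWITCH_CONF_PATH, e))
        sys.exit(1)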
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Checked in order: Active Directory, NIS, LDAP.  At most one flag is set.
    """
    if activedirectory_enabled():
        selected = U_AD_ENABLED
    elif nis_enabled():
        selected = U_NIS_ENABLED
    elif ldap_enabled():
        selected = U_LDAP_ENABLED
    else:
        return 0

    # OR into an empty mask, matching the original accumulation.
    return 0 | selected
def __new__(cls, **kwargs):
    """Return a directory-backed local group cache when LDAP, AD or NIS is enabled.

    Falls back to FreeNAS_BaseCache otherwise.
    """
    log.debug("FreeNAS_GroupCache.__new__: enter")

    uses_directory = (
        ldap_enabled() or activedirectory_enabled() or nis_enabled()
    )
    if uses_directory:
        cache_cls = FreeNAS_Directory_LocalGroupCache
    else:
        cache_cls = FreeNAS_BaseCache
    obj = cache_cls(**kwargs)

    log.debug("FreeNAS_GroupCache.__new__: leave")
    return obj
def cache_count(**kwargs):
    """Dispatch to the cache-count routine of the enabled directory service.

    Active Directory is checked first, then NIS; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_count_ActiveDirectory
    elif nis_enabled():
        handler = _cache_count_NIS
    elif ldap_enabled():
        handler = _cache_count_default
    else:
        handler = _cache_count_default

    handler(**kwargs)
def cache_count(**kwargs):
    """Dispatch to the cache-count routine of the enabled directory service.

    Active Directory is checked first, then NT4; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_count_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_count_NT4
    elif ldap_enabled():
        handler = _cache_count_default
    else:
        handler = _cache_count_default

    handler(**kwargs)
def cache_rawdump(**kwargs):
    """Dispatch to the raw-dump routine of the enabled directory service.

    Active Directory is checked first, then NIS; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_rawdump_ActiveDirectory
    elif nis_enabled():
        handler = _cache_rawdump_NIS
    elif ldap_enabled():
        handler = _cache_rawdump_default
    else:
        handler = _cache_rawdump_default

    handler(**kwargs)
def cache_check(**kwargs):
    """Dispatch to the cache-check routine of the enabled directory service.

    Active Directory is checked first, then NIS; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_check_ActiveDirectory
    elif nis_enabled():
        handler = _cache_check_NIS
    elif ldap_enabled():
        handler = _cache_check_default
    else:
        handler = _cache_check_default

    handler(**kwargs)
def cache_check(**kwargs):
    """Dispatch to the cache-check routine of the enabled directory service.

    Active Directory is checked first, then NT4; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_check_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_check_NT4
    elif ldap_enabled():
        handler = _cache_check_default
    else:
        handler = _cache_check_default

    handler(**kwargs)
def cache_rawdump(**kwargs):
    """Dispatch to the raw-dump routine of the enabled directory service.

    Active Directory is checked first, then NT4; LDAP and the fallback both
    use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_rawdump_ActiveDirectory
    elif nt4_enabled():
        handler = _cache_rawdump_NT4
    elif ldap_enabled():
        handler = _cache_rawdump_default
    else:
        handler = _cache_rawdump_default

    handler(**kwargs)
def main():
    """Generate smb4.conf and bring Samba's user, group and secret state in line with it."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # which calls belong to the ``role != 'dc'`` and users_imported() branches.
    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    # The secrets database is backed up before anything is touched and
    # restored as the very last step.
    backup_secrets_database()
    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    generate_smbusers()
    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_system_shares(smb4_shares)
    generate_smb4_shares(smb4_shares)

    # A domain controller is provisioned once, before its config is written.
    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # Global settings first, then the share sections.
    # NOTE(review): the file is rewritten in place; a failure part-way
    # leaves a truncated smb4.conf behind.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')

    smb4_set_SID()

    if role == 'member' and smb4_ldap_enabled():
        set_ldap_password()
        backup_secrets_database()

    if role != 'dc':
        # Users are imported once; the sentinel file records that it happened.
        if not Samba4().users_imported():
            smb4_import_users(
                smb_conf_path,
                smb4_tdb,
                "/var/db/samba4/private/passdb.tdb"
            )
            smb4_grant_rights()
            Samba4().user_import_sentinel_file_create()

        smb4_map_groups()

    if role == 'member' and activedirectory_enabled() and idmap_backend_rfc2307():
        set_idmap_rfc2307_secret()

    restore_secrets_database()
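def get_server_role():
    """Return the Samba server role for the current configuration.

    ``standalone`` by default, ``member`` when NT4, Active Directory or
    Samba LDAP is enabled, and the stored ``dc_role`` when the domain
    controller service is enabled and its record can be read.
    """
    role = "standalone"
    if nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled():
        role = "member"

    if domaincontroller_enabled():
        try:
            role = DomainController.objects.all()[0].dc_role
        except Exception:
            # Best effort: keep the role chosen above when the record is
            # missing or unreadable.  Catching Exception instead of a bare
            # ``except`` lets SystemExit and KeyboardInterrupt propagate.
            # NOTE(review): the fallback is silent, so a failed lookup
            # configures the server as member/standalone without a trace.
            pass

    return role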
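def get_server_role():
    """Work out which role Samba should run in.

    Returns ``standalone`` unless NT4, Active Directory or Samba LDAP is
    enabled (``member``); an enabled domain controller overrides both with
    its stored ``dc_role`` when that record can be read.
    """
    is_member = nt4_enabled() or activedirectory_enabled() or smb4_ldap_enabled()
    role = "member" if is_member else "standalone"

    if not domaincontroller_enabled():
        return role

    try:
        dc = DomainController.objects.all()[0]
        role = dc.dc_role
    except Exception:
        # Best effort: fall back to the role chosen above.  A bare
        # ``except`` would also swallow SystemExit and KeyboardInterrupt.
        # NOTE(review): the fallback is silent; consider logging it.
        pass

    return role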
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Checked in order: Active Directory, NIS, LDAP, domain controller.
    At most one flag is set.
    """
    if activedirectory_enabled():
        selected = U_AD_ENABLED
    elif nis_enabled():
        selected = U_NIS_ENABLED
    elif ldap_enabled():
        selected = U_LDAP_ENABLED
    elif domaincontroller_enabled():
        selected = U_DC_ENABLED
    else:
        return 0

    # OR into an empty mask, matching the original accumulation.
    return 0 | selected
def __new__(cls, **kwargs):
    """Return a directory-backed local group cache when LDAP, AD, NT4 or NIS is enabled.

    Falls back to FreeNAS_BaseCache otherwise.
    """
    log.debug("FreeNAS_GroupCache.__new__: enter")

    uses_directory = (
        ldap_enabled() or activedirectory_enabled() or
        nt4_enabled() or nis_enabled()
    )
    if uses_directory:
        cache_cls = FreeNAS_Directory_LocalGroupCache
    else:
        cache_cls = FreeNAS_BaseCache
    obj = cache_cls(**kwargs)

    log.debug("FreeNAS_GroupCache.__new__: leave")
    return obj
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Checked in order: Active Directory, NT4, NIS, LDAP.  At most one flag
    is set.
    """
    if activedirectory_enabled():
        selected = U_AD_ENABLED
    elif nt4_enabled():
        selected = U_NT4_ENABLED
    elif nis_enabled():
        selected = U_NIS_ENABLED
    elif ldap_enabled():
        selected = U_LDAP_ENABLED
    else:
        return 0

    # OR into an empty mask, matching the original accumulation.
    return 0 | selected
def __new__(cls, **kwargs):
    """Return a directory-backed local user cache when any directory service is enabled.

    LDAP, AD, NT4, NIS and the domain controller count as directory
    services; otherwise a FreeNAS_BaseCache is returned.
    """
    log.debug("FreeNAS_UserCache.__new__: enter")

    uses_directory = (
        ldap_enabled() or activedirectory_enabled() or
        nt4_enabled() or nis_enabled() or domaincontroller_enabled()
    )
    if uses_directory:
        cache_cls = FreeNAS_Directory_LocalUserCache
    else:
        cache_cls = FreeNAS_BaseCache
    obj = cache_cls(**kwargs)

    log.debug("FreeNAS_UserCache.__new__: leave")
    return obj
def __init__(self, *args, **kwargs):
    """Set up the CIFS form: bind-IP handling, choices, and directory-service field locks."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that the choices assignments are outside the ``self.data`` check.
    super(CIFSForm, self).__init__(*args, **kwargs)
    # A comma-separated bind-IP value is split into a list on a copy of the
    # submitted data.
    if self.data and self.data.get('cifs_srv_bindip'):
        if ',' in self.data['cifs_srv_bindip']:
            self.data = self.data.copy()
            self.data.setlist('cifs_srv_bindip', self.data['cifs_srv_bindip'].split(','))

    self.fields['cifs_srv_bindip'].choices = list(
        choices.IPChoices(noloopback=False))
    self.fields[
        'cifs_srv_unixcharset'].choices = choices.UNIXCHARSET_CHOICES()

    if self.instance.id and self.instance.cifs_srv_bindip:
        bindips = []
        for ip in self.instance.cifs_srv_bindip:
            bindips.append(ip)

        self.fields['cifs_srv_bindip'].initial = (bindips)
    else:
        self.fields['cifs_srv_bindip'].initial = ('')

    # With AD enabled, local master, time server and domain logons are
    # forced off and greyed out; with LDAP, domain logons is forced on.
    # NOTE(review): 'disabled' / 'readonly' are widget attributes, i.e. only
    # rendered into the HTML; any server-side enforcement of these values
    # is not visible in this method - confirm it exists in clean()/save().
    if activedirectory_enabled():
        self.initial['cifs_srv_localmaster'] = False
        self.fields['cifs_srv_localmaster'].widget.attrs[
            'disabled'] = 'disabled'
        self.initial['cifs_srv_timeserver'] = False
        self.fields['cifs_srv_timeserver'].widget.attrs[
            'disabled'] = 'disabled'
        self.initial['cifs_srv_domain_logons'] = False
        self.fields['cifs_srv_domain_logons'].widget.attrs[
            'disabled'] = 'disabled'

    elif ldap_enabled():
        self.initial['cifs_srv_domain_logons'] = True
        self.fields['cifs_srv_domain_logons'].widget.attrs[
            'readonly'] = True

    # The second NetBIOS name field is only kept when the system is not
    # FreeNAS and failover is licensed.
    _n = notifier()
    if not _n.is_freenas():
        if not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
    else:
        del self.fields['cifs_srv_netbiosname_b']
def __new__(cls, **kwargs):
    """Return a directory-backed local user cache when any directory service is enabled.

    LDAP, AD, NIS and the domain controller count as directory services;
    otherwise a FreeNAS_BaseCache is returned.
    """
    log.debug("FreeNAS_UserCache.__new__: enter")

    uses_directory = (
        ldap_enabled() or activedirectory_enabled() or
        nis_enabled() or domaincontroller_enabled()
    )
    cache_cls = (
        FreeNAS_Directory_LocalUserCache if uses_directory
        else FreeNAS_BaseCache
    )
    obj = cache_cls(**kwargs)

    log.debug("FreeNAS_UserCache.__new__: leave")
    return obj
def run(context):
    """Generate smb4.conf, announce it, and sync Samba's users, groups and secrets."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # which calls belong to the ``role != 'dc'`` branch.
    # The client is published through the module-level ``dispatcher``.
    global dispatcher
    dispatcher = context.client

    smb_conf_path = "/usr/local/etc/smb4.conf"

    smb4_tdb = []
    smb4_conf = []
    smb4_shares = []

    smb4_setup()

    old_samba4_datasets = get_old_samba4_datasets()
    if migration_available(old_samba4_datasets):
        do_migration(old_samba4_datasets)

    role = get_server_role()

    generate_smb4_tdb(smb4_tdb)
    generate_smb4_conf(smb4_conf, role)
    generate_smb4_system_shares(smb4_shares)
    generate_smb4_shares(smb4_shares)

    # A domain controller is provisioned once, before its config is written.
    if role == 'dc' and not Samba4().domain_provisioned():
        provision_smb4()

    # Global settings first, then the share sections.
    # NOTE(review): the file is rewritten in place; a failure part-way
    # leaves a truncated smb4.conf behind.
    with open(smb_conf_path, "w") as f:
        for line in smb4_conf:
            f.write(line + '\n')
        for line in smb4_shares:
            f.write(line + '\n')
        # Redundant: the with-statement closes the file anyway.
        f.close()

    context.emit_event('etcd.file_generated', {
        'filename': smb_conf_path
    })

    smb4_set_SID()

    if role == 'member' and smb4_ldap_enabled():
        set_ldap_password()

    if role != 'dc':
        smb4_import_users(smb_conf_path, smb4_tdb,
            "/var/etc/private/passdb.tdb")
        smb4_map_groups()
        smb4_grant_rights()

    if role == 'member' and activedirectory_enabled() and idmap_backend_rfc2307():
        set_idmap_rfc2307_secret()
def cache_keys(**kwargs):
    """Dispatch to the cache-keys routine of the enabled directory service.

    Checked in order: Active Directory, NIS, NT4; LDAP and the fallback
    both use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_keys_ActiveDirectory
    elif nis_enabled():
        handler = _cache_keys_NIS
    elif nt4_enabled():
        handler = _cache_keys_NT4
    elif ldap_enabled():
        handler = _cache_keys_default
    else:
        handler = _cache_keys_default

    handler(**kwargs)
def cache_keys(**kwargs):
    """Run the cache-keys routine matching the enabled directory service.

    Active Directory wins over NIS, which wins over NT4; LDAP and the
    fallback both use the default routine.
    """
    if activedirectory_enabled():
        handler = _cache_keys_ActiveDirectory
    elif nis_enabled():
        handler = _cache_keys_NIS
    elif nt4_enabled():
        handler = _cache_keys_NT4
    elif ldap_enabled():
        handler = _cache_keys_default
    else:
        handler = _cache_keys_default

    handler(**kwargs)
def __new__(cls, **kwargs):
    """Build the local group cache for the enabled directory service.

    LDAP is checked first, then Active Directory, then NIS.  Returns None
    when none of them is enabled.
    """
    log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

    if ldap_enabled():
        cache_cls = FreeNAS_LDAP_LocalGroupCache
    elif activedirectory_enabled():
        cache_cls = FreeNAS_ActiveDirectory_LocalGroupCache
    elif nis_enabled():
        cache_cls = FreeNAS_NIS_LocalGroupCache
    else:
        cache_cls = None

    obj = None if cache_cls is None else cache_cls(**kwargs)

    log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
    return obj
def _get_dflags():
    """Return the flag of the first enabled directory service, or 0.

    Checked in order: Active Directory, NT4, NIS, LDAP, domain controller.
    At most one flag is set.
    """
    if activedirectory_enabled():
        selected = U_AD_ENABLED
    elif nt4_enabled():
        selected = U_NT4_ENABLED
    elif nis_enabled():
        selected = U_NIS_ENABLED
    elif ldap_enabled():
        selected = U_LDAP_ENABLED
    elif domaincontroller_enabled():
        selected = U_DC_ENABLED
    else:
        return 0

    # OR into an empty mask, matching the original accumulation.
    return 0 | selected
def __init__(self, *args, **kwargs):
    """Set up the CIFS form: bind-IP handling, choices, and directory-service field locks."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that the choices assignments are outside the ``self.data`` check.
    super(CIFSForm, self).__init__(*args, **kwargs)
    # A comma-separated bind-IP value is split into a list on a copy of the
    # submitted data.
    if self.data and self.data.get('cifs_srv_bindip'):
        if ',' in self.data['cifs_srv_bindip']:
            self.data = self.data.copy()
            self.data.setlist(
                'cifs_srv_bindip',
                self.data['cifs_srv_bindip'].split(',')
            )

    self.fields['cifs_srv_bindip'].choices = list(choices.IPChoices(noloopback=False))
    self.fields['cifs_srv_unixcharset'].choices = choices.UNIXCHARSET_CHOICES()

    if self.instance.id and self.instance.cifs_srv_bindip:
        bindips = []
        for ip in self.instance.cifs_srv_bindip:
            bindips.append(ip)

        self.fields['cifs_srv_bindip'].initial = (bindips)
    else:
        self.fields['cifs_srv_bindip'].initial = ('')

    # With AD enabled, local master, time server and domain logons are
    # forced off and greyed out; with LDAP, domain logons is forced on.
    # NOTE(review): 'disabled' / 'readonly' are widget attributes, i.e. only
    # rendered into the HTML; any server-side enforcement of these values
    # is not visible in this method - confirm it exists in clean()/save().
    if activedirectory_enabled():
        self.initial['cifs_srv_localmaster'] = False
        self.fields['cifs_srv_localmaster'].widget.attrs['disabled'] = 'disabled'
        self.initial['cifs_srv_timeserver'] = False
        self.fields['cifs_srv_timeserver'].widget.attrs['disabled'] = 'disabled'
        self.initial['cifs_srv_domain_logons'] = False
        self.fields['cifs_srv_domain_logons'].widget.attrs['disabled'] = 'disabled'

    elif ldap_enabled():
        self.initial['cifs_srv_domain_logons'] = True
        self.fields['cifs_srv_domain_logons'].widget.attrs['readonly'] = True

    # The second NetBIOS name field is only kept when the system is not
    # FreeNAS and failover is licensed.
    _n = notifier()
    if not _n.is_freenas():
        if not _n.failover_licensed():
            del self.fields['cifs_srv_netbiosname_b']
        else:
            from freenasUI.failover.utils import node_label_field
            node_label_field(
                _n.failover_node(),
                self.fields['cifs_srv_netbiosname'],
                self.fields['cifs_srv_netbiosname_b'],
            )
    else:
        del self.fields['cifs_srv_netbiosname_b']
def __new__(cls, **kwargs):
    """Build the user cache for the enabled directory service.

    Checked in order: LDAP, Active Directory, NIS, domain controller.
    Returns None when none of them is enabled.
    """
    log.debug("FreeNAS_Directory_UserCache.__new__: enter")

    if ldap_enabled():
        cache_cls = FreeNAS_LDAP_UserCache
    elif activedirectory_enabled():
        cache_cls = FreeNAS_ActiveDirectory_UserCache
    elif nis_enabled():
        cache_cls = FreeNAS_NIS_UserCache
    elif domaincontroller_enabled():
        cache_cls = FreeNAS_DomainController_UserCache
    else:
        cache_cls = None

    obj = None if cache_cls is None else cache_cls(**kwargs)

    log.debug("FreeNAS_Directory_UserCache.__new__: leave")
    return obj
def __new__(cls, **kwargs):
    """Build the local group cache for the enabled directory service.

    Checked in order: LDAP, Active Directory, NT4, NIS.  Returns None when
    none of them is enabled.
    """
    log.debug("FreeNAS_Directory_LocalGroupCache.__new__: enter")

    if ldap_enabled():
        cache_cls = FreeNAS_LDAP_LocalGroupCache
    elif activedirectory_enabled():
        cache_cls = FreeNAS_ActiveDirectory_LocalGroupCache
    elif nt4_enabled():
        cache_cls = FreeNAS_NT4_LocalGroupCache
    elif nis_enabled():
        cache_cls = FreeNAS_NIS_LocalGroupCache
    else:
        cache_cls = None

    obj = None if cache_cls is None else cache_cls(**kwargs)

    log.debug("FreeNAS_Directory_LocalGroupCache.__new__: leave")
    return obj
def __new__(cls, **kwargs):
    """Build the local user cache for the enabled directory service.

    Checked in order: LDAP, Active Directory, NIS, domain controller.
    Returns None when none of them is enabled.
    """
    log.debug("FreeNAS_Directory_LocalUserCache.__new__: enter")

    if ldap_enabled():
        cache_cls = FreeNAS_LDAP_LocalUserCache
    elif activedirectory_enabled():
        cache_cls = FreeNAS_ActiveDirectory_LocalUserCache
    elif nis_enabled():
        cache_cls = FreeNAS_NIS_LocalUserCache
    elif domaincontroller_enabled():
        cache_cls = FreeNAS_DomainController_LocalUserCache
    else:
        cache_cls = None

    obj = None if cache_cls is None else cache_cls(**kwargs)

    log.debug("FreeNAS_Directory_LocalUserCache.__new__: leave")
    return obj
def main():
    """Generate sssd.conf, creating the [sssd], [nss] and [pam] sections when missing."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that add_service() only runs when the section had to be created.
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
        sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
        sc['sssd'].add_service('pam')

    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)

    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    sc.save(SSSD_CONFIGFILE)
def main():
    """Generate sssd.conf, creating the [sssd], [nss] and [pam] sections when missing."""
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # that add_service() only runs when the section had to be created.
    sssd_setup()

    sc = SSSDConf(configfile=SSSD_CONFIGFILE)
    if not sc['sssd']:
        sc['sssd'] = SSSDSectionSSSD()

    # nss and pam are registered as services on the [sssd] section.
    if not sc['nss']:
        sc['nss'] = SSSDSectionNSS()
        sc['sssd'].add_service('nss')

    if not sc['pam']:
        sc['pam'] = SSSDSectionPAM()
        sc['sssd'].add_service('pam')

    # Domains are added for AD (only with Unix extensions) and for LDAP.
    if activedirectory_enabled() and activedirectory_has_unix_extensions():
        add_activedirectory(sc)

    if ldap_enabled():
        add_ldap(sc)

    # NOTE(review): sssd refuses to start unless sssd.conf is root-owned
    # with mode 0600; confirm that save() takes care of this.
    sc.save(SSSD_CONFIGFILE)
def generate_smb4_conf(smb4_conf, role):
    """Append the [global] section of smb4.conf to ``smb4_conf`` for the given server role.

    Settings come from the first CIFS record; nothing is appended when that
    record cannot be loaded.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # the extent of the bind-IP block, the syslog block and the
    # ``standalone`` role branch against the original file.
    # NOTE(review): the bare except also hides database errors, in which
    # case the caller ends up with no [global] section at all.
    try:
        cifs = CIFS.objects.all()[0]
    except:
        return

    # Fallbacks when unset.  The masks 0666 / 0777 make new files and
    # directories world-writable at the Unix permission level.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = "ftp"
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    # The protocol range is taken from the stored settings as-is; the
    # minimum decides which legacy SMB dialects clients may negotiate.
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, " ")
        # Loopback is added to the bind list except on a domain controller.
        if role != "dc":
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)
            # For CARP interfaces the address is written as
            # "<ip>/<parent_iface[2]>"; addresses whose parent interface
            # cannot be resolved are skipped.
            if iface and n.is_carp_interface(iface):
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
        confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Leave 25 descriptors below the per-process kernel limit.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl("kern.maxfilesperproc")) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
    else:
        confset1(smb4_conf, "syslog only = no")

    # A log level of exactly True is treated like "not set".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "syslog = %s", cifs.cifs_srv_loglevel)
    else:
        confset1(smb4_conf, "syslog = 0")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    # Guest handling: with "Bad User", a login for an unknown user name is
    # mapped to the guest account instead of being rejected.
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode("utf8"))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")
    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # The next four pass False when the option should not be written.
    # NOTE(review): how confset2 treats a False value is not visible here
    # (presumably the line is omitted) - confirm.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # Security-relevant: when set, accounts with empty passwords may log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "acl check permissions = true")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if not nt4_enabled() and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, "tdb")
    configure_idmap_backend(smb4_conf, idmap, None)

    # Role-specific settings; an unrecognised role adds none.
    if role == "auto":
        confset1(smb4_conf, "server role = auto")

    elif role == "classic":
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == "netbios":
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == "dc":
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == "member":
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled service contributes its settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == "standalone":
        confset1(smb4_conf, "server role = standalone")
        set_netbiosname(smb4_conf, cifs.cifs_srv_netbiosname)
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != "dc":
        confset1(smb4_conf, "pid directory = /var/run/samba")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Free-form auxiliary parameters are appended verbatim, one per
    # non-blank line, after everything above.
    # NOTE(review): nothing here validates these lines, so they can restate
    # any of the settings generated above; whoever can edit this field
    # controls the effective [global] configuration.
    smb_options = cifs.cifs_srv_smb_options.encode("utf-8")
    smb_options = smb_options.strip()
    for line in smb_options.split("\n"):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
def generate_smb4_shares(smb4_shares):
    """Append one smb4.conf section per CIFS share to ``smb4_shares``.

    Non-home shares whose path is not an existing directory are skipped.
    Nothing is appended when the shares cannot be loaded or there are none.
    """
    # NOTE(review): nesting reconstructed from a flattened listing; confirm
    # the extent of the home-share branch and of the recycle/shadow blocks.
    try:
        shares = CIFS_Share.objects.all()
    except:
        return

    if len(shares) == 0:
        return

    for share in shares:
        if not share.cifs_home and not os.path.isdir(share.cifs_path.encode("utf8")):
            continue

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            # %U / %D are written literally into smb4.conf.  With AD and no
            # default domain, home paths and valid users are qualified with
            # the domain.
            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                # Best effort: on any error the unqualified defaults stay.
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = u"%s/%s" % (share.cifs_path, valid_users_path)
                confset2(smb4_shares, "path = %s", cifs_homedir_path.encode("utf8"))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s", share.cifs_comment.encode("utf8"))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            # NOTE(review): name, path and comment are formatted into the
            # file as stored; confirm they are validated where they are
            # entered (e.g. no ']' or newline in the share name).
            confset2(smb4_shares, "[%s]", share.cifs_name.encode("utf8"), space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode("utf8"))
            confset2(smb4_shares, "comment = %s", share.cifs_comment.encode("utf8"))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s", "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s", "yes" if share.cifs_browsable else "no")

        task = None
        if share.cifs_storage_task:
            task = share.cifs_storage_task

        # VFS module order: shadow_copy2 (when a snapshot task is attached),
        # the ZFS-related modules, the share's own list, then recycle.
        vfs_objects = []
        if task:
            vfs_objects.append("shadow_copy2")
        extend_vfs_objects_for_zfs(share.cifs_path, vfs_objects)
        vfs_objects.extend(share.cifs_vfsobjects)

        if share.cifs_recyclebin:
            vfs_objects.append("recycle")
            # Per-user recycle folders under .recycle/; the top directory is
            # created 0777, the sub-directories 0700.
            confset1(smb4_shares, "recycle:repository = .recycle/%U")
            confset1(smb4_shares, "recycle:keeptree = yes")
            confset1(smb4_shares, "recycle:versions = yes")
            confset1(smb4_shares, "recycle:touch = yes")
            confset1(smb4_shares, "recycle:directory_mode = 0777")
            confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # The snapshot name format ends in the task's retention count
            # and the first letter of its retention unit.
            confset1(
                smb4_shares,
                "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" %
                (task.task_ret_count, task.task_ret_unit[0])
            )
            confset1(smb4_shares, "shadow:snapdirseverywhere = yes")

        config_share_for_vfs_objects(smb4_shares, vfs_objects)

        # Access controls for the share.
        confset2(smb4_shares, "hide dot files = %s",
                 "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s", "yes" if share.cifs_guestok else "no")

        # NOTE(review): False is passed when guest-only is off; how confset2
        # treats it is not visible here (presumably the line is omitted).
        confset2(smb4_shares, "guest only = %s",
                 "yes" if share.cifs_guestonly else False)

        config_share_for_nfs4(smb4_shares)
        config_share_for_zfs(smb4_shares)

        # Auxiliary parameters are appended verbatim, one per non-blank
        # line, after the generated settings.
        # NOTE(review): nothing here validates these lines, so they can
        # restate the access controls written above for this share.
        for line in share.cifs_auxsmbconf.split("\n"):
            line = line.strip()
            if not line:
                continue
            line = line.encode("utf-8")
            confset1(smb4_shares, line)
def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] section of the Samba configuration into smb4_conf.

    smb4_conf is handed to confset1()/confset2(), which are defined outside
    this block; they are assumed to append one (formatted) configuration
    line each -- confirm against their definitions.

    role selects the "server role" line and the role-specific settings; the
    values handled here are 'auto', 'classic', 'netbios', 'dc', 'member'
    and 'standalone'.  Any other value emits no "server role" line.

    Returns None.  Nothing is emitted when the CIFS row cannot be read.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except:
        # NOTE(review): the bare except also covers database errors, not only
        # a missing row.
        return

    # Fallbacks for unset fields.  They are applied to the in-memory object
    # only; this function never calls save().
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)

    # The username map is referenced only when the file is present.
    if os.path.exists("/usr/local/etc/smbusers"):
        confset1(smb4_conf, "username map = /usr/local/etc/smbusers")

    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    if cifs.cifs_srv_bindip:
        interfaces = []

        bindips = string.join(cifs.cifs_srv_bindip, ' ')
        # Every role except 'dc' also listens on loopback.
        if role != 'dc':
            bindips = "127.0.0.1 %s" % bindips

        n = notifier()
        bindips = bindips.split()
        for bindip in bindips:
            if not bindip:
                continue
            bindip = bindip.strip()
            iface = n.get_interface(bindip)

            if iface and n.is_carp_interface(iface):
                # For a CARP address the entry is written as
                # "<address>/<third field of the parent interface>"; addresses
                # whose parent cannot be resolved are dropped.
                parent_iface = n.get_parent_interface(iface)
                if not parent_iface:
                    continue

                parent_iinfo = n.get_interface_info(parent_iface[0])
                if not parent_iinfo:
                    continue

                interfaces.append("%s/%s" % (bindip, parent_iface[2]))
            else:
                interfaces.append(bindip)

        if interfaces:
            confset2(smb4_conf, "interfaces = %s", string.join(interfaces))
            confset1(smb4_conf, "bind interfaces only = yes")

    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Stay 25 descriptors below the per-process limit reported by sysctl.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    # A log level of exactly True is treated like "unset" and becomes "0".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        loglevel = cifs.cifs_srv_loglevel
    else:
        loglevel = "0"

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "logging = syslog:%s" % loglevel)
    else:
        confset1(smb4_conf, "logging = file")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    # "map to guest = Bad User" sends logins with an unknown user name to the
    # guest account configured here (default 'ftp', see above); what a guest
    # can reach is then decided per share by "guest ok".
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")
    confset1(smb4_conf, "nsupdate command = /usr/local/bin/samba-nsupdate -g")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    confset1(smb4_conf, "lm announce = yes")
    # In the next four calls False is passed instead of a string; presumably
    # confset2 then omits the line -- confirm in confset2.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # "null passwords = yes" lets accounts with an empty password log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")
    confset1(smb4_conf, "dos filemode = yes")
    confset2(smb4_conf, "multicast dns register = %s",
             "yes" if cifs.cifs_srv_zeroconf else "no")

    if not smb4_ldap_enabled():
        confset2(smb4_conf, "domain logons = %s",
                 "yes" if cifs.cifs_srv_domain_logons else "no")

    if (not nt4_enabled() and not activedirectory_enabled()):
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else "no")

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # At most one directory-service block is added, in this precedence.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif smb4_ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.get_netbiosname().upper())
        if cifs.cifs_srv_netbiosalias:
            confset2(smb4_conf, "netbios aliases = %s",
                     cifs.cifs_srv_netbiosalias.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")

    # With the fallbacks above, new files default to 0666 and new
    # directories to 0777 unless the stored masks say otherwise.
    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary options are copied into [global] unfiltered and come last,
    # so whoever can edit cifs_srv_smb_options can add any global parameter.
    # NOTE(review): confirm how Samba resolves a parameter that is also set
    # earlier in this section.
    smb_options = cifs.cifs_srv_smb_options.encode('utf-8')
    smb_options = smb_options.strip()
    for line in smb_options.split('\n'):
        line = line.strip()
        if not line:
            continue
        confset1(smb4_conf, line)
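def main():
    """Generate /usr/local/etc/afp.conf from the Django ORM.

    The file is built as a list of lines from the AFP row with the highest
    id, the KerberosKeytab count and every AFP_Share row, and is then
    written out in one go.  Raises whatever the ORM or open() raise; in
    particular an IndexError when there is no AFP row.
    """

    map_acls_mode = False
    afp_config = "/usr/local/etc/afp.conf"
    cf_contents = []

    afp = AFP.objects.order_by('-id')[0]

    cf_contents.append("[Global]\n")
    uam_list = ['uams_dhx.so', 'uams_dhx2.so']
    if afp.afp_srv_guest:
        uam_list.append('uams_guest.so')
        cf_contents.append('\tguest account = %s\n' % afp.afp_srv_guest_user)
    # uams_gss.so bails out with an error if kerberos isn't configured
    if KerberosKeytab.objects.count() > 0:
        uam_list.append('uams_gss.so')
    cf_contents.append('\tuam list = %s\n' % (" ").join(uam_list))

    if afp.afp_srv_bindip:
        cf_contents.append("\tafp listen = %s\n" % ' '.join(afp.afp_srv_bindip))
    cf_contents.append("\tmax connections = %s\n" % afp.afp_srv_connections_limit)
    cf_contents.append("\tmimic model = RackMac\n")
    if afp.afp_srv_dbpath:
        cf_contents.append("\tvol dbnest = no\n")
        cf_contents.append("\tvol dbpath = %s\n" % afp.afp_srv_dbpath)
    else:
        cf_contents.append("\tvol dbnest = yes\n")
    if afp.afp_srv_global_aux:
        # Emit every auxiliary line on its own, newline-terminated.  The
        # value used to be appended without a trailing newline, so the next
        # generated parameter could end up glued to the last auxiliary line.
        # These lines are copied unfiltered: whoever can edit the field can
        # set any [Global] parameter.
        for aux_line in afp.afp_srv_global_aux.encode('utf8').splitlines():
            aux_line = aux_line.strip()
            if aux_line:
                cf_contents.append("\t%s\n" % aux_line)

    if afp.afp_srv_map_acls:
        cf_contents.append("\tmap acls = %s\n" % afp.afp_srv_map_acls)

    if afp.afp_srv_map_acls == 'mode' and activedirectory_enabled():
        map_acls_mode = True

    if map_acls_mode:
        ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

        cf_contents.append("\tldap auth method = %s\n" % "simple")
        cf_contents.append("\tldap auth dn = %s\n" % ad.binddn)
        # The directory bind password is written in clear text; see the note
        # at the open() call below about who can read the resulting file.
        cf_contents.append("\tldap auth pw = %s\n" % ad.bindpw)
        cf_contents.append("\tldap server = %s\n" % ad.domainname)
        cf_contents.append("\tldap userbase = %s\n" % ad.userdn)
        cf_contents.append("\tldap userscope = %s\n" % "sub")
        cf_contents.append("\tldap groupbase = %s\n" % ad.groupdn)
        cf_contents.append("\tldap groupscope = %s\n" % "sub")
        cf_contents.append("\tldap user filter = %s\n" % "objectclass=user")
        cf_contents.append("\tldap group filter = %s\n" % "objectclass=group")
        cf_contents.append("\tldap uuid attr = %s\n" % "objectGUID")
        cf_contents.append("\tldap uuid encoding = %s\n" % "ms-guid")
        cf_contents.append("\tldap name attr = %s\n" % "sAMAccountName")
        cf_contents.append("\tldap group attr = %s\n" % "sAMAccountName")

    cf_contents.append("\n")

    if afp.afp_srv_homedir_enable:
        cf_contents.append("[Homes]\n")
        cf_contents.append("\tbasedir regex = %s\n" % afp.afp_srv_homedir)
        if afp.afp_srv_homename:
            cf_contents.append("\thome name = %s\n" % afp.afp_srv_homename)
        cf_contents.append("\n")

    for share in AFP_Share.objects.all():
        cf_contents.append("[%s]\n" % share.afp_name)
        cf_contents.append("\tpath = %s\n" % share.afp_path)
        if share.afp_allow:
            cf_contents.append("\tvalid users = %s\n" % share.afp_allow)
        if share.afp_deny:
            cf_contents.append("\tinvalid users = %s\n" % share.afp_deny)
        if share.afp_hostsallow:
            cf_contents.append("\thosts allow = %s\n" % share.afp_hostsallow)
        if share.afp_hostsdeny:
            cf_contents.append("\thosts deny = %s\n" % share.afp_hostsdeny)
        if share.afp_ro:
            cf_contents.append("\trolist = %s\n" % share.afp_ro)
        if share.afp_rw:
            cf_contents.append("\trwlist = %s\n" % share.afp_rw)
        if share.afp_timemachine:
            cf_contents.append("\ttime machine = yes\n")
        if not share.afp_nodev:
            cf_contents.append("\tcnid dev = no\n")
        if share.afp_nostat:
            cf_contents.append("\tstat vol = no\n")
        if not share.afp_upriv:
            cf_contents.append("\tunix priv = no\n")
        else:
            # Explicit permission settings are left out when ACL mapping via
            # Active Directory is active.
            if share.afp_fperm and not map_acls_mode:
                cf_contents.append("\tfile perm = %s\n" % share.afp_fperm)
            if share.afp_dperm and not map_acls_mode:
                cf_contents.append("\tdirectory perm = %s\n" % share.afp_dperm)
            if share.afp_umask and not map_acls_mode:
                cf_contents.append("\tumask = %s\n" % share.afp_umask)
        cf_contents.append("\tveto files = .windows/.mac/\n")
        if map_acls_mode:
            cf_contents.append("\tacls = yes\n")

    # NOTE(review): open() creates the file with the process umask (commonly
    # 0644) and keeps the mode of an existing file.  When map_acls_mode is
    # set the file holds the AD bind password, so confirm it is not readable
    # by unprivileged local users; tighten it to 0600 if every process that
    # reads afp.conf runs as root.
    with open(afp_config, "w") as fh:
        fh.writelines(cf_contents)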
if sid != sidval: sanity = False if sanity: sys.path.extend(['/usr/local/www', '/usr/local/www/freenasUI']) os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'freenasUI.settings') import django django.setup() from freenasUI.common.system import (activedirectory_enabled, domaincontroller_enabled, ldap_enabled, nt4_enabled) if (activedirectory_enabled() or domaincontroller_enabled() or ldap_enabled() or nt4_enabled()): print "A directory service is enabled, aborting without making changes." exit(1) print "detected SID: %s\n" % sidval from freenasUI.services.models import CIFS cifs = CIFS.objects.all()[0] print "database SID: %s\n" % cifs.cifs_SID if cifs.cifs_SID != sidval: cifs.cifs_SID = sidval print "Saving detected SID to the database" cifs.save() print "Please either reboot the system or run the following commands as root:" print "service samba_server stop" print "service ix-pre-samba start"
def generate_smb4_shares(smb4_shares):
    """Emit one Samba share section per CIFS_Share row into smb4_shares.

    smb4_shares is handed to confset1()/confset2(), which are defined
    outside this block; they are assumed to append one (formatted)
    configuration line each -- confirm against their definitions.

    The output of "zfs list" is used to find a snapshot Task for the dataset
    that holds each share, which in turn enables the shadow copy settings.

    Returns None.  Nothing is emitted when the share query raises or
    yields no rows.
    """
    try:
        shares = CIFS_Share.objects.all()
    except:
        # NOTE(review): the bare except hides every failure of the query;
        # the caller cannot tell "no shares" from "database unavailable".
        return

    if len(shares) == 0:
        return

    # Fixed command string, no share data is interpolated into it.
    p = pipeopen("zfs list -H -o mountpoint,name")
    zfsout = p.communicate()[0].split('\n')
    if p.returncode != 0:
        # A failing "zfs list" only disables the snapshot lookup below.
        zfsout = []

    for share in shares:
        # A regular share whose path is not an existing directory is skipped;
        # a home share is emitted without that check.
        if not os.path.isdir(
                share.cifs_path.encode('utf8')) and not share.cifs_home:
            continue

        task = False
        for line in zfsout:
            try:
                zfs_mp, zfs_ds = line.split()
                if share.cifs_path == zfs_mp or share.cifs_path.startswith(
                        "%s/" % zfs_mp):
                    # Share on the mountpoint itself: any task for the
                    # dataset.  Share below it: only a recursive task.
                    if share.cifs_path == zfs_mp:
                        task = Task.objects.filter(task_filesystem=zfs_ds)[0]
                    else:
                        task = Task.objects.filter(
                            Q(task_filesystem=zfs_ds) &
                            Q(task_recursive=True))[0]
                    break
            except:
                # Covers lines that do not split into two fields and a
                # filter() without results ([0] raises); the scan goes on
                # with the next line.
                pass

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    # Without "use default domain" the domain part is added
                    # to both the directory layout and the valid-users value.
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    # Best effort: on any error the plain %U values are kept.
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = u"%s/%s" % (share.cifs_path,
                                                valid_users_path)
                confset2(smb4_shares, "path = %s",
                         cifs_homedir_path.encode('utf8'))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s",
                         share.cifs_comment.encode('utf8'))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            # NOTE(review): name, path and comment are interpolated as stored.
            # Confirm that the model/form validation rejects line breaks and
            # ']' so a stored value cannot add lines to the generated file.
            confset2(smb4_shares, "[%s]", share.cifs_name.encode('utf8'),
                     space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s",
                     share.cifs_comment.encode('utf8'))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s",
                 "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s",
                 "yes" if share.cifs_browsable else "no")

        vfs_objects = []
        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
        if task:
            vfs_objects.append('shadow_copy2')
        if is_within_zfs(share.cifs_path):
            vfs_objects.append('zfsacl')
        vfs_objects.extend(share.cifs_vfsobjects)

        confset1(smb4_shares, "recycle:repository = .recycle/%U")
        confset1(smb4_shares, "recycle:keeptree = yes")
        confset1(smb4_shares, "recycle:versions = yes")
        confset1(smb4_shares, "recycle:touch = yes")
        # The top-level recycle directory is created with mode 0777, the
        # per-user subdirectories with 0700.
        confset1(smb4_shares, "recycle:directory_mode = 0777")
        confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # %% is a literal % for strftime-style expansion by Samba; the
            # suffix is the task's retention count plus the first letter of
            # its retention unit.
            confset1(
                smb4_shares,
                "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" %
                (task.task_ret_count, task.task_ret_unit[0]))

        if vfs_objects:
            confset2(smb4_shares, "vfs objects = %s",
                     ' '.join(vfs_objects).encode('utf8'))

        confset2(smb4_shares, "hide dot files = %s",
                 "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s",
                 "yes" if share.cifs_guestok else "no")

        # False instead of a string: presumably makes confset2 omit the line
        # -- confirm in confset2.
        confset2(smb4_shares, "guest only = %s",
                 "yes" if share.cifs_guestonly else False)

        confset1(smb4_shares, "nfs4:mode = special")
        confset1(smb4_shares, "nfs4:acedup = merge")
        confset1(smb4_shares, "nfs4:chown = true")
        confset1(smb4_shares, "zfsacl:acesort = dontcare")

        # Auxiliary parameters are copied into the share section unfiltered
        # and unstripped: whoever can edit cifs_auxsmbconf can set any
        # share-level parameter, including ones that override the access
        # settings written above.
        for line in share.cifs_auxsmbconf.split('\n'):
            confset1(smb4_shares, line)
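def main():
    """Generate /usr/local/etc/afp.conf from the Django ORM.

    The file is built as a list of lines from the AFP row with the highest
    id, the KerberosKeytab count and every AFP_Share row, and is then
    written out in one go.  Raises whatever the ORM or open() raise; in
    particular an IndexError when there is no AFP row.
    """

    map_acls_mode = False
    afp_config = "/usr/local/etc/afp.conf"
    cf_contents = []

    afp = AFP.objects.order_by('-id')[0]

    cf_contents.append("[Global]\n")
    uam_list = ['uams_dhx.so', 'uams_dhx2.so']
    if afp.afp_srv_guest:
        uam_list.append('uams_guest.so')
        cf_contents.append('\tguest account = %s\n' % afp.afp_srv_guest_user)
    # uams_gss.so bails out with an error if kerberos isn't configured
    if KerberosKeytab.objects.count() > 0:
        uam_list.append('uams_gss.so')
    cf_contents.append('\tuam list = %s\n' % (" ").join(uam_list))

    if afp.afp_srv_bindip:
        cf_contents.append("\tafp listen = %s\n" % ' '.join(afp.afp_srv_bindip))
    cf_contents.append("\tmax connections = %s\n" % afp.afp_srv_connections_limit)
    cf_contents.append("\tmimic model = RackMac\n")
    if afp.afp_srv_dbpath:
        cf_contents.append("\tvol dbnest = no\n")
        cf_contents.append("\tvol dbpath = %s\n" % afp.afp_srv_dbpath)
    else:
        cf_contents.append("\tvol dbnest = yes\n")
    if afp.afp_srv_global_aux:
        # Emit every auxiliary line on its own, newline-terminated.  The
        # value used to be appended without a trailing newline, so the next
        # generated parameter could end up glued to the last auxiliary line.
        # These lines are copied unfiltered: whoever can edit the field can
        # set any [Global] parameter.
        for aux_line in afp.afp_srv_global_aux.encode('utf8').splitlines():
            aux_line = aux_line.strip()
            if aux_line:
                cf_contents.append("\t%s\n" % aux_line)

    if afp.afp_srv_map_acls:
        cf_contents.append("\tmap acls = %s\n" % afp.afp_srv_map_acls)

    if afp.afp_srv_map_acls == 'mode' and activedirectory_enabled():
        map_acls_mode = True

    if map_acls_mode:
        ad = FreeNAS_ActiveDirectory(flags=FLAGS_DBINIT)

        cf_contents.append("\tldap auth method = %s\n" % "simple")
        cf_contents.append("\tldap auth dn = %s\n" % ad.binddn)
        # The directory bind password is written in clear text; see the note
        # at the open() call below about who can read the resulting file.
        cf_contents.append("\tldap auth pw = %s\n" % ad.bindpw)
        cf_contents.append("\tldap server = %s\n" % ad.domainname)
        cf_contents.append("\tldap userbase = %s\n" % ad.userdn)
        cf_contents.append("\tldap userscope = %s\n" % "sub")
        cf_contents.append("\tldap groupbase = %s\n" % ad.groupdn)
        cf_contents.append("\tldap groupscope = %s\n" % "sub")
        cf_contents.append("\tldap user filter = %s\n" % "objectclass=user")
        cf_contents.append("\tldap group filter = %s\n" % "objectclass=group")
        cf_contents.append("\tldap uuid attr = %s\n" % "objectGUID")
        cf_contents.append("\tldap uuid encoding = %s\n" % "ms-guid")
        cf_contents.append("\tldap name attr = %s\n" % "sAMAccountName")
        cf_contents.append("\tldap group attr = %s\n" % "sAMAccountName")

    cf_contents.append("\n")

    if afp.afp_srv_homedir_enable:
        cf_contents.append("[Homes]\n")
        cf_contents.append("\tbasedir regex = %s\n" % afp.afp_srv_homedir)
        if afp.afp_srv_homename:
            cf_contents.append("\thome name = %s\n" % afp.afp_srv_homename)
        cf_contents.append("\n")

    for share in AFP_Share.objects.all():
        cf_contents.append("[%s]\n" % share.afp_name)
        cf_contents.append("\tpath = %s\n" % share.afp_path)
        if share.afp_allow:
            cf_contents.append("\tvalid users = %s\n" % share.afp_allow)
        if share.afp_deny:
            cf_contents.append("\tinvalid users = %s\n" % share.afp_deny)
        if share.afp_hostsallow:
            cf_contents.append("\thosts allow = %s\n" % share.afp_hostsallow)
        if share.afp_hostsdeny:
            cf_contents.append("\thosts deny = %s\n" % share.afp_hostsdeny)
        if share.afp_ro:
            cf_contents.append("\trolist = %s\n" % share.afp_ro)
        if share.afp_rw:
            cf_contents.append("\trwlist = %s\n" % share.afp_rw)
        if share.afp_timemachine:
            cf_contents.append("\ttime machine = yes\n")
        if not share.afp_nodev:
            cf_contents.append("\tcnid dev = no\n")
        if share.afp_nostat:
            cf_contents.append("\tstat vol = no\n")
        if not share.afp_upriv:
            cf_contents.append("\tunix priv = no\n")
        else:
            # Explicit permission settings are left out when ACL mapping via
            # Active Directory is active.
            if share.afp_fperm and not map_acls_mode:
                cf_contents.append("\tfile perm = %s\n" % share.afp_fperm)
            if share.afp_dperm and not map_acls_mode:
                cf_contents.append("\tdirectory perm = %s\n" % share.afp_dperm)
            if share.afp_umask and not map_acls_mode:
                cf_contents.append("\tumask = %s\n" % share.afp_umask)
        cf_contents.append("\tveto files = .windows/.mac/\n")
        if map_acls_mode:
            cf_contents.append("\tacls = yes\n")

    # NOTE(review): open() creates the file with the process umask (commonly
    # 0644) and keeps the mode of an existing file.  When map_acls_mode is
    # set the file holds the AD bind password, so confirm it is not readable
    # by unprivileged local users; tighten it to 0600 if every process that
    # reads afp.conf runs as root.
    with open(afp_config, "w") as fh:
        fh.writelines(cf_contents)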
def generate_smb4_shares(smb4_shares):
    """Emit one Samba share section per CIFS_Share row into smb4_shares.

    smb4_shares is handed to confset1()/confset2(), which are defined
    outside this block; they are assumed to append one (formatted)
    configuration line each -- confirm against their definitions.

    Returns None.  Nothing is emitted when the share query raises or
    yields no rows.
    """
    try:
        shares = CIFS_Share.objects.all()
    except:
        # NOTE(review): the bare except hides every failure of the query;
        # the caller cannot tell "no shares" from "database unavailable".
        return

    if len(shares) == 0:
        return

    for share in shares:
        # A regular share whose path is not an existing directory is skipped;
        # a home share is emitted without that check.
        if (not share.cifs_home and
                not os.path.isdir(share.cifs_path.encode('utf8'))):
            continue

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    # Without "use default domain" the domain part is added
                    # to both the directory layout and the valid-users value.
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    # Best effort: on any error the plain %U values are kept.
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = (u"%s/%s" %
                                     (share.cifs_path, valid_users_path))
                confset2(smb4_shares, "path = %s",
                         cifs_homedir_path.encode('utf8'))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s",
                         share.cifs_comment.encode('utf8'))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            # NOTE(review): name, path and comment are interpolated as stored.
            # Confirm that the model/form validation rejects line breaks and
            # ']' so a stored value cannot add lines to the generated file.
            confset2(smb4_shares, "[%s]", share.cifs_name.encode('utf8'),
                     space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s",
                     share.cifs_comment.encode('utf8'))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s",
                 "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s",
                 "yes" if share.cifs_browsable else "no")

        task = None
        if share.cifs_storage_task:
            task = share.cifs_storage_task

        vfs_objects = []
        if task:
            vfs_objects.append('shadow_copy2')
        extend_vfs_objects_for_zfs(share.cifs_path, vfs_objects)
        vfs_objects.extend(share.cifs_vfsobjects)

        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
            confset1(smb4_shares, "recycle:repository = .recycle/%U")
            confset1(smb4_shares, "recycle:keeptree = yes")
            confset1(smb4_shares, "recycle:versions = yes")
            confset1(smb4_shares, "recycle:touch = yes")
            # The top-level recycle directory is created with mode 0777, the
            # per-user subdirectories with 0700.
            confset1(smb4_shares, "recycle:directory_mode = 0777")
            confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # %% is a literal % for strftime-style expansion by Samba; the
            # suffix is the task's retention count plus the first letter of
            # its retention unit.
            confset1(smb4_shares,
                     "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" %
                     (task.task_ret_count, task.task_ret_unit[0]))
            confset1(smb4_shares, "shadow:snapdirseverywhere = yes")

        config_share_for_vfs_objects(smb4_shares, vfs_objects)

        confset2(smb4_shares, "hide dot files = %s",
                 "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s",
                 "yes" if share.cifs_guestok else "no")

        # False instead of a string: presumably makes confset2 omit the line
        # -- confirm in confset2.
        confset2(smb4_shares, "guest only = %s",
                 "yes" if share.cifs_guestonly else False)

        config_share_for_nfs4(smb4_shares)
        config_share_for_zfs(smb4_shares)

        # Auxiliary parameters are copied into the share section unfiltered:
        # whoever can edit cifs_auxsmbconf can set any share-level parameter,
        # including ones that override the access settings written above.
        for line in share.cifs_auxsmbconf.split('\n'):
            line = line.strip()
            if not line:
                continue
            line = line.encode('utf-8')
            confset1(smb4_shares, line)
def generate_smb4_shares(smb4_shares):
    """Emit one Samba share section per CIFS_Share row into smb4_shares.

    smb4_shares is handed to confset1()/confset2(), which are defined
    outside this block; they are assumed to append one (formatted)
    configuration line each -- confirm against their definitions.

    The output of "zfs list" is used to find a snapshot Task for the dataset
    that holds each share, which in turn enables the shadow copy settings.

    Returns None.  Nothing is emitted when the share query raises or
    yields no rows.
    """
    try:
        shares = CIFS_Share.objects.all()
    except:
        # NOTE(review): the bare except hides every failure of the query;
        # the caller cannot tell "no shares" from "database unavailable".
        return

    if len(shares) == 0:
        return

    # Fixed command string, no share data is interpolated into it.
    p = pipeopen("zfs list -H -o mountpoint,name")
    zfsout = p.communicate()[0].split('\n')
    if p.returncode != 0:
        # A failing "zfs list" only disables the snapshot lookup below.
        zfsout = []

    for share in shares:
        # A regular share whose path is not an existing directory is skipped;
        # a home share is emitted without that check.
        if not os.path.isdir(share.cifs_path.encode('utf8')) and not share.cifs_home:
            continue

        task = False
        for line in zfsout:
            try:
                zfs_mp, zfs_ds = line.split()
                if share.cifs_path == zfs_mp or share.cifs_path.startswith("%s/" % zfs_mp):
                    # Share on the mountpoint itself: any task for the
                    # dataset.  Share below it: only a recursive task.
                    if share.cifs_path == zfs_mp:
                        task = Task.objects.filter(task_filesystem = zfs_ds)[0]
                    else:
                        task = Task.objects.filter(Q(task_filesystem = zfs_ds) & Q(task_recursive=True))[0]
                    break
            except:
                # Covers lines that do not split into two fields and a
                # filter() without results ([0] raises); the scan goes on
                # with the next line.
                pass

        confset1(smb4_shares, "\n")
        if share.cifs_home:
            confset1(smb4_shares, "[homes]", space=0)

            valid_users_path = "%U"
            valid_users = "%U"

            if activedirectory_enabled():
                try:
                    ad = ActiveDirectory.objects.all()[0]
                    # Without "use default domain" the domain part is added
                    # to both the directory layout and the valid-users value.
                    if not ad.ad_use_default_domain:
                        valid_users_path = "%D/%U"
                        valid_users = "%D\%U"
                except:
                    # Best effort: on any error the plain %U values are kept.
                    pass

            confset2(smb4_shares, "valid users = %s", valid_users)

            if share.cifs_path:
                cifs_homedir_path = u"%s/%s" % (share.cifs_path, valid_users_path)
                confset2(smb4_shares, "path = %s", cifs_homedir_path.encode('utf8'))
            if share.cifs_comment:
                confset2(smb4_shares, "comment = %s", share.cifs_comment.encode('utf8'))
            else:
                confset1(smb4_shares, "comment = Home Directories")
        else:
            # NOTE(review): name, path and comment are interpolated as stored.
            # Confirm that the model/form validation rejects line breaks and
            # ']' so a stored value cannot add lines to the generated file.
            confset2(smb4_shares, "[%s]", share.cifs_name.encode('utf8'), space=0)
            confset2(smb4_shares, "path = %s", share.cifs_path.encode('utf8'))
            confset2(smb4_shares, "comment = %s", share.cifs_comment.encode('utf8'))
        confset1(smb4_shares, "printable = no")
        confset1(smb4_shares, "veto files = /.snapshot/.windows/.mac/.zfs/")
        confset2(smb4_shares, "writeable = %s", "no" if share.cifs_ro else "yes")
        confset2(smb4_shares, "browseable = %s", "yes" if share.cifs_browsable else "no")

        vfs_objects = []
        if share.cifs_recyclebin:
            vfs_objects.append('recycle')
        if task:
            vfs_objects.append('shadow_copy2')
        if is_within_zfs(share.cifs_path):
            vfs_objects.append('zfsacl')
        vfs_objects.extend(share.cifs_vfsobjects)

        confset1(smb4_shares, "recycle:repository = .recycle/%U")
        confset1(smb4_shares, "recycle:keeptree = yes")
        confset1(smb4_shares, "recycle:versions = yes")
        confset1(smb4_shares, "recycle:touch = yes")
        # The top-level recycle directory is created with mode 0777, the
        # per-user subdirectories with 0700.
        confset1(smb4_shares, "recycle:directory_mode = 0777")
        confset1(smb4_shares, "recycle:subdir_mode = 0700")

        if task:
            confset1(smb4_shares, "shadow:snapdir = .zfs/snapshot")
            confset1(smb4_shares, "shadow:sort = desc")
            confset1(smb4_shares, "shadow:localtime = yes")
            # %% is a literal % for strftime-style expansion by Samba; the
            # suffix is the task's retention count plus the first letter of
            # its retention unit.
            confset1(smb4_shares, "shadow:format = auto-%%Y%%m%%d.%%H%%M-%s%s" % (
                task.task_ret_count, task.task_ret_unit[0]))

        if vfs_objects:
            confset2(smb4_shares, "vfs objects = %s", ' '.join(vfs_objects).encode('utf8'))

        confset2(smb4_shares, "hide dot files = %s", "no" if share.cifs_showhiddenfiles else "yes")
        confset2(smb4_shares, "hosts allow = %s", share.cifs_hostsallow)
        confset2(smb4_shares, "hosts deny = %s", share.cifs_hostsdeny)
        confset2(smb4_shares, "guest ok = %s", "yes" if share.cifs_guestok else "no")

        # False instead of a string: presumably makes confset2 omit the line
        # -- confirm in confset2.
        confset2(smb4_shares, "guest only = %s", "yes" if share.cifs_guestonly else False)

        confset1(smb4_shares, "nfs4:mode = special")
        confset1(smb4_shares, "nfs4:acedup = merge")
        confset1(smb4_shares, "nfs4:chown = true")
        confset1(smb4_shares, "zfsacl:acesort = dontcare")

        # Auxiliary parameters are copied into the share section unfiltered
        # and unstripped: whoever can edit cifs_auxsmbconf can set any
        # share-level parameter, including ones that override the access
        # settings written above.
        for line in share.cifs_auxsmbconf.split('\n'):
            confset1(smb4_shares, line)
def generate_smb4_conf(smb4_conf, role):
    """Emit the [global] and optional [homes] sections into smb4_conf.

    smb4_conf is handed to confset1()/confset2(), which are defined outside
    this block; they are assumed to append one (formatted) configuration
    line each -- confirm against their definitions.

    role selects the "server role" line and the role-specific settings; the
    values handled here are 'auto', 'classic', 'netbios', 'dc', 'member'
    and 'standalone'.  Any other value emits no "server role" line.

    Returns None.  Nothing is emitted when the CIFS row cannot be read.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except:
        # NOTE(review): the bare except also covers database errors, not only
        # a missing row.
        return

    # Fallbacks for unset fields.  They are applied to the in-memory object
    # only; this function never calls save().
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)
    confset2(smb4_conf, "server min protocol = %s", cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s", cifs.cifs_srv_max_protocol)
    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")

    # Stay 25 descriptors below the per-process limit reported by sysctl.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    # "map to guest = Bad User" sends logins with an unknown user name to the
    # guest account configured here (default 'ftp', see above); what a guest
    # can reach is then decided per share by "guest ok".
    confset2(smb4_conf, "guest account = %s", cifs.cifs_srv_guest.encode('utf8'))
    confset1(smb4_conf, "map to guest = Bad User")
    confset2(smb4_conf, "obey pam restrictions = %s",
             "yes" if cifs.cifs_srv_obey_pam_restrictions else "no")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf, "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset1(smb4_conf, "ea support = yes")
    confset1(smb4_conf, "store dos attributes = yes")
    # In the next four calls False is passed instead of a string; presumably
    # confset2 then omits the line -- confirm in confset2.
    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # "null passwords = yes" lets accounts with an empty password log in.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "domain logons = %s",
             "yes" if cifs.cifs_srv_domain_logons else "no")
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    # The guard already requires cifs_srv_localmaster, so the else branch of
    # the conditional expression below is never taken.
    if cifs.cifs_srv_localmaster and not nt4_enabled() \
            and not activedirectory_enabled():
        confset2(smb4_conf, "local master = %s",
                 "yes" if cifs.cifs_srv_localmaster else False)

    idmap = get_idmap_object(DS_TYPE_CIFS, cifs.id, 'tdb')
    configure_idmap_backend(smb4_conf, idmap, None)

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # At most one directory-service block is added, in this precedence.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")
        confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
        confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
        confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        # NOTE(review): the private directory holds Samba's password and
        # secrets databases; its permissions are set elsewhere -- confirm
        # that it is accessible to root only.
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    # With the fallbacks above, new files default to 0666 and new
    # directories to 0777 unless the stored masks say otherwise.
    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    # A log level of exactly True is treated like "unset".
    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # Auxiliary options are copied into [global] unfiltered and unstripped,
    # so whoever can edit cifs_srv_smb_options can add any global parameter.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                # Without "use default domain" the domain part is added to
                # both the directory layout and the valid-users value.
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    valid_users = "%D\%U"
            except:
                # Best effort: on any error the plain %U values are kept.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir, valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # Same pass-through as for the global options, here for [homes].
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)
def Enabled(self):
    """Return whatever activedirectory_enabled() reports; self is unused."""
    ad_state = activedirectory_enabled()
    return ad_state
def Enabled(self):
    """Return whatever activedirectory_enabled() reports; self is unused."""
    ad_state = activedirectory_enabled()
    return ad_state
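def generate_smb4_conf(smb4_conf, role):
    """Emit the Samba ``[global]`` section and, if enabled, ``[homes]``.

    Settings are read from the first ``CIFS`` row and handed to
    ``confset1`` / ``confset2`` in a fixed order. If the row cannot be
    loaded the function returns without emitting anything.

    smb4_conf -- accumulator passed through to confset1/confset2 (its type
                 is not visible in this block).
    role      -- 'auto', 'classic', 'netbios', 'dc', 'member' or
                 'standalone'; any other value emits no "server role" line.

    NOTE(review): several calls pass ``False`` as the value to confset2;
    presumably confset2 omits the setting in that case -- verify against
    confset2 before relying on it.
    NOTE(review): this listing was recovered from a flattened page, so the
    extent of each ``if`` body below is inferred -- confirm against the
    repository copy.
    """
    try:
        cifs = CIFS.objects.all()[0]
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt/SystemExit
        # still propagate. A missing row or a database error still ends the
        # run silently with no configuration emitted.
        return

    # Defaults are applied to the in-memory object only; nothing here saves
    # them back.
    if not cifs.cifs_srv_guest:
        cifs.cifs_srv_guest = 'ftp'
    # NOTE(review): the fallback masks are fully permissive (0666 / 0777);
    # files and directories created over SMB end up world-writable unless
    # the share or the filesystem ACLs restrict them.
    if not cifs.cifs_srv_filemask:
        cifs.cifs_srv_filemask = "0666"
    if not cifs.cifs_srv_dirmask:
        cifs.cifs_srv_dirmask = "0777"

    # standard stuff... should probably do this differently
    confset1(smb4_conf, "[global]", space=0)
    # NOTE(review): the protocol bounds are written as stored; no floor is
    # enforced in this function, so any minimum has to be validated upstream.
    confset2(smb4_conf, "server min protocol = %s",
             cifs.cifs_srv_min_protocol)
    confset2(smb4_conf, "server max protocol = %s",
             cifs.cifs_srv_max_protocol)
    confset1(smb4_conf, "encrypt passwords = yes")
    confset1(smb4_conf, "dns proxy = no")
    confset1(smb4_conf, "strict locking = no")
    confset1(smb4_conf, "oplocks = yes")
    confset1(smb4_conf, "deadtime = 15")
    confset1(smb4_conf, "max log size = 51200")
    # Keeps 25 descriptors below the per-process limit read from sysctl.
    confset2(smb4_conf, "max open files = %d",
             long(get_sysctl('kern.maxfilesperproc')) - 25)

    if cifs.cifs_srv_syslog:
        confset1(smb4_conf, "syslog only = yes")
        confset1(smb4_conf, "syslog = 1")

    confset1(smb4_conf, "load printers = no")
    confset1(smb4_conf, "printing = bsd")
    confset1(smb4_conf, "printcap name = /dev/null")
    confset1(smb4_conf, "disable spoolss = yes")
    confset1(smb4_conf, "getwd cache = yes")
    confset2(smb4_conf, "guest account = %s",
             cifs.cifs_srv_guest.encode('utf8'))
    # With "Bad User", a login for a user name Samba does not know is mapped
    # to the guest account above instead of being rejected.
    confset1(smb4_conf, "map to guest = Bad User")
    confset1(smb4_conf, "obey pam restrictions = Yes")
    confset1(smb4_conf, "directory name cache size = 0")
    confset1(smb4_conf, "kernel change notify = no")
    confset1(smb4_conf,
             "panic action = /usr/local/libexec/samba/samba-backtrace")

    confset2(smb4_conf, "server string = %s", cifs.cifs_srv_description)
    confset2(smb4_conf, "ea support = %s",
             "yes" if cifs.cifs_srv_easupport else False)
    confset2(smb4_conf, "store dos attributes = %s",
             "yes" if cifs.cifs_srv_dosattr else False)
    if cifs.cifs_srv_dosattr:
        confset1(smb4_conf, "map archive = no")
        confset1(smb4_conf, "map readonly = no")
        confset1(smb4_conf, "map hidden = no")
        confset1(smb4_conf, "map system = no")

    confset2(smb4_conf, "hostname lookups = %s",
             "yes" if cifs.cifs_srv_hostlookup else False)
    confset2(smb4_conf, "unix extensions = %s",
             "no" if not cifs.cifs_srv_unixext else False)
    confset2(smb4_conf, "time server = %s",
             "yes" if cifs.cifs_srv_timeserver else False)
    # "null passwords = yes" lets accounts with an empty password log in;
    # it is emitted only when the stored flag is set.
    confset2(smb4_conf, "null passwords = %s",
             "yes" if cifs.cifs_srv_nullpw else False)
    confset2(smb4_conf, "acl allow execute always = %s",
             "true" if cifs.cifs_srv_allow_execute_always else "false")

    if cifs.cifs_srv_localmaster and not nt4_enabled() \
            and not activedirectory_enabled():
        # The guard already established cifs_srv_localmaster is truthy, so
        # the value is always "yes" here.
        confset2(smb4_conf, "local master = %s", "yes")

    if role == 'auto':
        confset1(smb4_conf, "server role = auto")

    elif role == 'classic':
        confset1(smb4_conf, "server role = classic primary domain controller")

    elif role == 'netbios':
        confset1(smb4_conf, "server role = netbios backup domain controller")

    elif role == 'dc':
        confset1(smb4_conf, "server role = active directory domain controller")
        add_domaincontroller_conf(smb4_conf)

    elif role == 'member':
        confset1(smb4_conf, "server role = member server")

        # Only the first enabled directory service contributes its settings.
        if nt4_enabled():
            add_nt4_conf(smb4_conf)

        elif ldap_enabled():
            add_ldap_conf(smb4_conf)

        elif activedirectory_enabled():
            add_activedirectory_conf(smb4_conf)

    elif role == 'standalone':
        confset1(smb4_conf, "server role = standalone")

    confset2(smb4_conf, "netbios name = %s", cifs.cifs_srv_netbiosname.upper())
    confset2(smb4_conf, "workgroup = %s", cifs.cifs_srv_workgroup.upper())
    confset1(smb4_conf, "security = user")

    if role != 'dc':
        confset1(smb4_conf, "pid directory = /var/run/samba")
        confset1(smb4_conf, "smb passwd file = /var/etc/private/smbpasswd")
        confset1(smb4_conf, "private dir = /var/etc/private")

    confset2(smb4_conf, "create mask = %s", cifs.cifs_srv_filemask)
    confset2(smb4_conf, "directory mask = %s", cifs.cifs_srv_dirmask)
    confset1(smb4_conf, "client ntlmv2 auth = yes")
    confset2(smb4_conf, "dos charset = %s", cifs.cifs_srv_doscharset)
    confset2(smb4_conf, "unix charset = %s", cifs.cifs_srv_unixcharset)

    if cifs.cifs_srv_loglevel and cifs.cifs_srv_loglevel is not True:
        confset2(smb4_conf, "log level = %s", cifs.cifs_srv_loglevel)

    # NOTE(review): the auxiliary options are passed to confset1 line by
    # line with no filtering visible here, so whoever can edit this field
    # controls arbitrary [global] settings (including ones that weaken the
    # values set above). Write access to it should be treated as
    # administrative.
    for line in cifs.cifs_srv_smb_options.split('\n'):
        confset1(smb4_conf, line)

    if cifs.cifs_srv_homedir_enable:
        valid_users_path = "%U"
        valid_users = "%U"

        if activedirectory_enabled():
            try:
                ad = ActiveDirectory.objects.all()[0]
                if not ad.ad_use_default_domain:
                    valid_users_path = "%D/%U"
                    # Same value as the original "%D\%U", written with an
                    # explicit backslash escape.
                    valid_users = "%D\\%U"
            except Exception:
                # Best effort: keep the plain "%U" form if the AD row
                # cannot be read. Narrowed from a bare ``except:``.
                pass

        if cifs.cifs_srv_homedir:
            cifs_homedir_path = "%s/%s" % (cifs.cifs_srv_homedir,
                                           valid_users_path)
        else:
            cifs_homedir_path = False

        confset1(smb4_conf, "\n")
        confset1(smb4_conf, "[homes]", space=0)
        confset1(smb4_conf, "comment = Home Directories")
        confset2(smb4_conf, "valid users = %s", valid_users)
        confset1(smb4_conf, "writable = yes")
        confset2(smb4_conf, "browseable = %s",
                 "yes" if cifs.cifs_srv_homedir_browseable_enable else "no")
        if cifs_homedir_path:
            confset2(smb4_conf, "path = %s", cifs_homedir_path)

        # NOTE(review): as with the global auxiliary options, these lines
        # are passed to confset1 as stored, with no filtering visible here.
        for line in cifs.cifs_srv_homedir_aux.split('\n'):
            confset1(smb4_conf, line)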